A previous column described the $4.4 million paid to ransomwire pirates by Colonial Pipeline to free its computer systems. The Federal government recently touted its recovery of $2.3 million of the ransom.
Perhaps it’s time to engage privateers.
Spiking The Ball On The Three-Yard Line
Federal authorities celebrated their recovery of $2.3 million, or 52%, of the ransom paid.
“The extortionists will never see this money,” crowed Stephanie Hinds, acting U.S. Attorney for the Northern District of California. “This case demonstrates our resolve to develop methods to prevent evildoers from converting new methods of payment into tools and extortion for undeserved profits.”
Given that Hinds’ evildoers still made off with $2.1 million, what exactly does the case demonstrate? That evildoing still pays pretty well? That the federal government confuses resolve with results? That 52% is close enough for government work?
Finder’s Fee, Or Protection Payment?
It appears unclear whether recovery of 52% of ransom represents an enormous technical feat.
“Blockchain has repeatedly shown its traceability, since every single transaction is recorded and made publicly available in perpetuity,” said Nithin Palavalli, CEO of RubiX, a provider of Blockchain-as-a-Service (BaaS) and security solutions.
Given the pirates’ suspected location in Russia, however, one wonders whether the partial recovery resulted from the U.S. Government’s technical wizardry, or from a deal being cut with the Russian authorities who succor the pirates.
This leads to a deep philosophical question: how many bitcoins can fit into a payoff envelope?
It Takes An Outlaw To Catch An Outlaw
Letters Of Marque And Reprisal Issued To Privateers
In centuries past, governments at war would issue letters of marque and reprisal to private ship owners. Issuing such letters constitutes an enumerated power of the U.S. Congress under Article 1, Section 8 of the Constitution.
Letters of marque and reprisal license the privateer to attack and capture vessels belonging to enemy navies and merchant fleets. The license authorizes crossing international borders to conduct reprisals.
In years past, privateers could win title to captured vessels and cargoes by bringing them to the letter-issuing government’s admiralty court.
Cyberspace As The New High Seas
Cyberspace represents the high seas of 21st century commerce and communications.
Who would prove more effective in preventing or avenging ransomware piracy, “close-enough” government law enforcement, or crack private-sector software teams?
If engaging privateers seems far-fetched for the 21st century, the idea was already floated in the wake of the September 9/11 attacks 20 years ago.
And is there a better way to characterize, non-state actors — sheltered by and in Russia, China, and Iran — who prey upon U.S. and EU government installations and businesses?
Plus ça change…